[aws] Don't index empty AWS Security Hub responses

[chrisberkhout]

Proposed commit message

[aws] Don't index empty AWS Security Hub responses (#)

Set `response.split.ignore_empty_value: true` for splitting responses
from AWS Security Hub, to avoid indexing the empty wrapper document
when the Insights or Findings list is empty.

The [`response.split` documentation][1] says:

> If the split target is empty the parent document will be kept.
> If documents with empty splits should be dropped, the
> `ignore_empty_value` option should be set to `true`.
 
 [1]: https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#response-split

Checklist

• I have reviewed tips for building integrations and this pull request is aligned with them.
• I have verified that all data streams collect metrics or logs.
• I have added an entry to my package's changelog.yml file.
• I have verified that Kibana version constraints are current according to guidelines.

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[elasticmachine]

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

[crocswithsocks]

Thank you for this update. I would also love to see support for the integration to retrieve Managed Security Hub insights

[ShourieG]

Lgtm

[elastic-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube

[elasticmachine]

💚 Build Succeeded

• Buildkite Build
• Commit: 05e9c87

History

• 💚 Build #10793 succeeded 36032ec

cc @chrisberkhout

[elasticmachine]

Package aws - 2.15.1 containing this change is available at https://epr.elastic.co/search?package=aws